feat: Rootless container

Closes: #16

Author: ghusta

Dockerfile

@@ -6,6 +6,15 @@ RUN set -ex; \
     wget -q https://github.com/ghusta/FakeSMTP/releases/download/v${APP_VERSION}/fakeSMTP-${APP_VERSION}.jar -O fakeSMTP.jar; \
     mv fakeSMTP.jar /opt;
 
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/go/dockerfile-user-best-practices/
+ARG UID=10001
+RUN useradd --no-log-init --system --uid ${UID} fakesmtp \
+    && usermod --append --groups mail fakesmtp
+# User fakesmtp is added to system group mail to be able to write to /var/mail/
+# See permissions : ls -ld /var/mail
+USER fakesmtp
+
 EXPOSE 25
 VOLUME ["/var/mail"]